
Thread: linux payloads metasploit

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    #!/bin/sh
    Posts
    4

    linux payloads metasploit

    Hi
    There seem to be too few Linux payloads for Metasploit. The ones like adduser or chroot require root access.
    What if the exploited service runs on a less privileged account? It seems useless to shove a shell back to the
    attacker when the exploited service runs on a less privileged account.

    e.g.
    #bt~ whoami
    mysql
    apache

    I would like to know how to escalate privileges on a Linux system.

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Re: linux payloads metasploit

    Quote Originally Posted by stboon View Post
    It seems useless to shove a shell back to the attacker when the exploited service runs on a less privileged account.
    I disagree. An unprivileged shell is much better than no shell at all. It can help you run commands necessary to escalate your privileges to root. It also may give you enough rights to acquire your objective - e.g. you will be able to read certain files on the system, you will be able to send network traffic and potentially use the system as a pivot, etc, etc.

    Quote Originally Posted by stboon View Post
    I would like to know how to escalate privileges on a Linux system.
    Use a privilege escalation exploit. They usually involve either exploiting the Linux kernel or a kernel module, exploiting a program that is running as root or exploiting a program that can be made to run as root (e.g. a SUID binary). Search the Exploit DB for local exploits on Linux, you should be able to find a few.

    If you also read up on privileges in Linux and the various ways to run something as root you will also learn how to check for configuration flaws that may lead to the possibility of privilege escalation. From memory, Hacking Exposed has a chapter on this. This blog entry also has some hints in this direction.
    Last edited by lupin; 02-27-2010 at 03:51 PM.

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Re: linux payloads metasploit

    Also you are not accounting for systems which are administered badly. It's amazing the amount of places that run web apps and cronjobs as root or give the apache user loose privileges in order to access certain areas. There are lots of ways to escalate your privs on a Linux box.
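
Posts #2 and #3 point at configuration flaws an administrator can check for: programs that can be made to run as root (SUID binaries) and root-run cron jobs with loose permissions. The hardening audit below is an added example, not part of any post in this thread; the cron directory list and the `allowlist` baseline are assumptions to adapt per system.

```python
import os
import stat

# Assumed job-script locations (not from the thread); adjust per distribution.
CRON_DIRS = ["/etc/cron.d", "/etc/cron.daily", "/etc/cron.hourly"]


def loose_write(mode):
    """True if group or other may write."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_setid(root, allowlist=frozenset()):
    """List SUID/SGID files that non-owners can modify or that are not in
    the reviewed allowlist (a hypothetical baseline kept by the admin)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # file vanished or is unreadable
            if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            if loose_write(mode):
                findings.append((path, "setid file writable by group/other"))
            elif path not in allowlist:
                findings.append((path, "setid file not in allowlist"))
    return sorted(findings)


def audit_jobs(job_dirs):
    """List job directories and scripts that non-owners can modify."""
    findings = []
    for d in job_dirs:
        if not os.path.isdir(d):
            continue
        if loose_write(os.stat(d).st_mode):
            findings.append((d, "job directory writable by group/other"))
        for name in sorted(os.listdir(d)):
            path = os.path.join(d, name)
            if os.path.isfile(path) and loose_write(os.stat(path).st_mode):
                findings.append((path, "job script writable by group/other"))
    return findings


if __name__ == "__main__":
    for path, reason in audit_setid("/usr") + audit_jobs(CRON_DIRS):
        print(f"{reason}: {path}")
```

Run it as root so unreadable directories are not skipped, and review each finding against the distribution's package defaults before changing permissions.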

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Re: linux payloads metasploit

    This would seem to be more of a request for the actual Metasploit devs. If you think there are too few exploits for Linux you should:

    1) Take it up with the people who actually develop/maintain Metasploit (http://www.metasploit.com/).
    2) Produce and contribute some (http://www.metasploit.com/contribute/).

    Metasploit is simply included as part of BackTrack; the BT team does not control how many exploits Metasploit offers for a particular platform or target.

  5. #5
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Re: linux payloads metasploit

    Index of /scripts/downloaded/localroot

    included recent binary for the BSD exploit :P

  6. #6
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    #!/bin/sh
    Posts
    4

    Re: linux payloads metasploit

    T.Q. for the links...
    Here is another tool: National Vulnerability Database (NVD) Search Vulnerabilities
